HardenedBSD/secure/Makefile
Kyle Evans f27f39db77 [1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from:	secteam
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16856
2019-10-02 01:05:29 +00:00

42 lines
949 B
Makefile

# $FreeBSD$
.include <src.opts.mk>
SUBDIR= lib .WAIT \
libexec usr.bin usr.sbin
SUBDIR_PARALLEL=
SUBDIR.${MK_TESTS}+= tests
SUBDIR.${MK_CAROOT}+= caroot
# These are the programs which depend on crypto, but not Kerberos.
SPROGS= lib/libfetch lib/libpam lib/libradius lib/libtelnet \
bin/ed libexec/telnetd usr.bin/fetch usr.bin/telnet \
usr.sbin/ppp usr.sbin/tcpdump/tcpdump
.if ${MK_SENDMAIL} != "no"
SPROGS+=usr.sbin/sendmail
.endif
# This target is used to rebuild these programs with crypto.
secure: .MAKE .PHONY
.for entry in ${SPROGS}
cd ${.CURDIR:H}/${entry}; \
${MAKE} cleandir; \
${MAKE} obj; \
${MAKE} all; \
${MAKE} install
.endfor
# This target is used to rebuild these programs without crypto.
insecure: .MAKE .PHONY
.for entry in ${SPROGS}
cd ${.CURDIR:H}/${entry}; \
${MAKE} MK_CRYPT=no cleandir; \
${MAKE} MK_CRYPT=no obj; \
${MAKE} MK_CRYPT=no all; \
${MAKE} MK_CRYPT=no install
.endfor
.include <bsd.subdir.mk>